🔗 View Live App: https://internal-utility-app.duckdns.org
This project transforms a locally developed Flask application into a secure, production-ready system using Docker, AWS EC2, and automated CI/CD pipelines.
It focuses on reliability, security, and zero-downtime deployment strategies.
- GitHub → Source control & CI/CD pipeline
- Docker Hub → Image registry
- AWS EC2 → Application hosting
- Nginx → Reverse proxy layer
- Let’s Encrypt → HTTPS encryption
- DuckDNS → Domain management
- Multi-stage Docker build to reduce image size
- Runs as non-root user for improved security
- HEALTHCHECK configured for runtime validation
Automated using GitHub Actions:
Steps:
- Run tests (pytest)
- Build Docker image
- Push image to Docker Hub
- Deploy automatically to EC2
✅ Deployment triggered on push to main
🚫 Failed tests block deployment
- GitHub Secrets → CI/CD credentials
- AWS EC2 environment variables → runtime secrets
- No secrets stored in source code, Dockerfile, or history
- Application runs inside Docker container on EC2
- Nginx routes traffic to the container
- HTTPS enabled using Let’s Encrypt
- HTTP automatically redirects to HTTPS
Rolling update simulation:
- Pull new image
- Stop old container
- Start new container
- Docker HEALTHCHECK configured
- Auto-restart enabled (`--restart always`)
- Container recovers automatically from failure
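
The pull / stop / start sequence above, gated on the Docker HEALTHCHECK and rolled back to the previous image if the new container never reports healthy. This is an added example, not the project's own deploy script; the image name, container name, env-file path and the loopback port mapping are assumed placeholders.

```shell
#!/bin/sh
# Added example, not the project's script. IMAGE, NAME, ENV_FILE and the
# 127.0.0.1:8000 port mapping are assumed placeholders, not taken from the README.
IMAGE="${IMAGE:-example/internal-utility-app:latest}"
NAME="${NAME:-app}"
ENV_FILE="${ENV_FILE:-/etc/app/app.env}"   # runtime secrets stay on the host
TRIES="${TRIES:-30}"
INTERVAL="${INTERVAL:-2}"

# Poll the status reported by the image's HEALTHCHECK.
# An image without a HEALTHCHECK yields an empty status and times out.
wait_healthy() {
  wh_i=0
  while [ "$wh_i" -lt "$TRIES" ]; do
    wh_status="$(docker inspect --format '{{.State.Health.Status}}' "$1" 2>/dev/null)"
    if [ "$wh_status" = "healthy" ]; then return 0; fi
    if [ "$wh_status" = "unhealthy" ]; then return 1; fi
    sleep "$INTERVAL"
    wh_i=$((wh_i + 1))
  done
  return 1
}

# $1 = image reference. Published on loopback only, so Nginx is the sole entry point.
start_container() {
  docker run -d --name "$NAME" --restart always --env-file "$ENV_FILE" \
    -p 127.0.0.1:8000:8000 "$1" >/dev/null
}

rolling_update() {
  # Image ID of the running container, kept for rollback.
  ru_previous="$(docker inspect --format '{{.Image}}' "$NAME" 2>/dev/null)"
  docker pull "$IMAGE" >/dev/null || return 1   # old container untouched on pull failure
  docker stop "$NAME" >/dev/null 2>&1
  docker rm "$NAME" >/dev/null 2>&1
  if start_container "$IMAGE" && wait_healthy "$NAME"; then
    echo "deployed $IMAGE"
    return 0
  fi
  # New container never became healthy: put the previous image back.
  docker rm -f "$NAME" >/dev/null 2>&1
  if [ -n "$ru_previous" ]; then start_container "$ru_previous"; fi
  echo "rolled back to $ru_previous"
  return 1
}

if [ "${1:-}" = "deploy" ]; then rolling_update; fi
```

The service is still down between `docker stop` and the new container reporting healthy, so the health gate shortens a bad deploy but does not remove the gap.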
- Test failures block deployment
- Missing secrets prevent startup
- Container crash triggers auto-restart
- Kubernetes-based deployment
- Load balancing across multiple instances
- Horizontal scaling
Detailed engineering decisions, architecture diagrams, and security reasoning: https://docs.google.com/document/d/1Fj4snFdcg6vaajU0M576k8Ms6SdF9mC9hSNSbmcr5HA/edit?usp=sharing
- Fully automated CI/CD pipeline
- Secure secrets management
- Production-grade deployment on AWS
- HTTPS-enabled system with reverse proxy
- Fault-tolerant container behavior